Tuesday, 31 March 2009

Editor's Note: The spam data cited in this post is drawn from the Google enterprise security and archiving security network. For a discussion of what Google is doing to keep spam out of your Gmail inboxes on the consumer side, see this post.

In providing email security to more than 50,000 businesses and 15 million business users, Google security and archiving services, powered by Postini, process and cull spam from more than three billion enterprise email connections every day. This gives us strong insights into the state of the spam industry, some of which we share in regular posts to this blog.

Read on for a quick overview of spam trends and events in the first quarter of 2009.

Spammers have clearly rallied following the McColo takedown, and overall spam volume growth during Q1 2009 was the strongest it's been since early 2008, increasing an average of 1.2% per day. To put that number into context, the growth rate of spam volume in Q1 2008 was approximately 1% per day – which, at the time, was a record high.

Of course, like every year before it, 2008 set a new record for overall spam volume. But in 2008 spam growth flattened over the summer and early fall, and then fell off a cliff after the McColo takedown (daily growth declined to .8%, .3%, and then .01% in the last three quarters of the year). This pattern raises some interesting questions regarding what we can expect in the rest of 2009: Will spam growth once again flatten or decline after a strong first quarter? Or have spammers – as part of their recovery from the McColo takedown – rebuilt botnets to be capable of sustaining or even accelerating this early growth spurt?

It's difficult to ascertain exactly how spammers have rebuilt in the wake of McColo, but data suggests they're adopting new strategies to avoid a McColo-type takedown from occurring again. Specifically, the recent upward trajectory of spam could indicate that spammers are building botnets that are more robust but send less volume – or at least that they haven't enabled their botnets to run at full capacity because they're wary of exposing a new ISP as a target.

New types of spam

The most significant development in spam vectors this quarter was the appearance of location-based spam. In this type of attack, users click on a link in a spam message and are directed to a page that contains a fraudulent news headline describing a crisis or disaster in a major city nearby. The attack customizes the location for each user by determining the geolocation of the user's source IP and then identifying the nearest major city. The addition of location creates a heightened level of interest, and the user is tempted to click on the embedded video – which in turn downloads a virus to his or her machine.

Meanwhile, the economy, financial markets, job cuts, and resume help continue to be the most prominent topics spammers are employing as lures for more traditional attacks. We also saw increased spam activity around the U.S. presidential inauguration and St. Patrick's Day, in keeping with the recent propensity spammers have demonstrated for reading the news and keeping their eyes on the holiday calendar in targeting their attacks.

Virus roundup

In early 2008, a trend emerged in which we saw spam messages with attached viruses (otherwise known as 'payload viruses') spiking every Sunday, possibly targeting a maintenance window to catch corporate defenses when they were undergoing scheduled updates.

This year we've seen the payload viruses spread out across every day of the week, with no immediately obvious pattern in their distribution. It's difficult to say for certain what prompted the change, but one possible explanation is that spammers switched tactics because they weren't seeing the success they'd hoped for from the focused attacks.

Of course, payload viruses have also seen a recent spike overall -- in the month of March we saw a 9x increase from February. This pales in comparison to the highs we saw last summer, but it may indicate a developing trend that's worth keeping a close eye on.

Viruses delivered as a blended threat (when a spam message directs a user to a malicious website, which then results in a virus being downloaded to the user's computer) continue to be popular with spammers. E-cards are one of the best examples of this vector, and Valentine's Day saw a flurry of activity using e-cards to direct users to malicious websites.

Conclusions

Spammers continue to prove their resilience -- whether it's bouncing back from the biggest takedown on record or finding new ways to exploit the ways we communicate for malicious purposes, they're clearly here to stay. And Google believes firmly in the power of the cloud to protect your enterprise from them: Outsourcing message security to Google enables you to leverage our technical expertise and massive infrastructure to keep spammers from your door. See how much spam is costing your business, learn how much you could be saving with Google Message Security, or contact us for more information.

Tuesday, 24 March 2009

An unusual disguise has helped a Bangkok fireman rescue an eight-year-old boy who had climbed on to a third-floor window ledge, Thai police say. The firefighter dressed up as the comic book superhero Spider-Man in order to coax the boy, who is autistic, from his dangerous perch. Police said teachers had alerted the fire station after the boy began crying and climbed out of a classroom window. It was reportedly his first day at the special needs school. Efforts by the teachers to convince the pupil back inside had failed. But a remark by his mother about his passion for comic superheroes prompted fireman Somchai Yoosabai to rush back to the station, where he kept a Spider-Man costume in his locker. The sight of Mr Yoosabai dressed as Spider-Man and holding a glass of juice for him, brought a big smile to the boy's face, and he promptly threw himself into the arms of his "superhero", police said. Mr Yoosabai normally uses the costume to liven up fire drills in schools.

In the late 1800s, the Brooklyn Bridge was built with no power tools, no heavy machinery, and only a basic, evolving understanding of how to make steel. It’s not these facts, but the stories surrounding the facts that inspire me when I take a good, long stare at a suspension bridge. But first…

Stunning.

In a good bridge, I see the defiant end result of how some of my favorite engineering stories begin:

‘I’m sure you can arrange an impressive line of people who say it’s impossible. I take personal joy in ignoring those who say no.’

‘Yes, halfway through this project we’ll discover the impossible, but we know how to build through the impossible. Impossible is when we do our best work.’

‘Trust me when I say that I can close my eyes and see the end result, and when you can see it, too, you will be amazed.’

Ignore the No. When Brooklyn and New York’s population was booming at the end of the 19th century, the best way to get to and from Brooklyn was via ferries. As solutions were considered, I’m sure there were those who simply thought, ‘More boats!’ These ardent defenders of the status quo were not engineers — they were the business. Their goal was not to build something great, but to make a profit.

It was an engineer named John Roebling who proposed a suspension bridge. We take bridges for granted now, but back in the 1800s, bridges were in beta. They fell. One out of every four bridges… fell. He convinced them by designing a bridge half again as big as any before it that was six times stronger than he estimated it needed to be. Roebling designed the complete specification for the bridge in a mere three months and then died of tetanus from an injury he received surveying the bridge site.

Discover the impossible. Both of the towers of the Brooklyn Bridge are in the water of the East River. Ever wonder how you dig a big hole in the bottom of a river bed? In the late 1800s? It’s called a caisson, which is a huge, watertight wooden box half the size of a city block. This monstrosity was constructed on the river, sealed with pine tar, and carefully floated to a specific location on the river. It was then slowly sunk to the riverbed by placing stone on top that would eventually become the foundation.

Done, right?

Wrong. With the caisson on the riverbed, it’s time to push it another 45 feet into the riverbed in search of bedrock. Workers did this through the continued application of stone to the top while workers in the caisson dug out the riverbed with shovels, buckets, and, when necessary, dynamite. There was nothing resembling an electrical grid, so there was nothing resembling modern lighting in this watertight pine-tarred box, which was slowly descending through the floor of the East River. There were no jack hammers, so when they hit rock, they used small amounts of dynamite to crack these rocks. In a pine-tarred box, at the bottom of a river, mostly in a very wet dark.

And when the caisson finally hit bedrock 45 feet underground, they had to do it all over again for the New York tower. 30 feet deeper.

You will be amazed. With his father killed via an accident early in the surveying process, it was Washington Roebling, John’s son, who was chief engineer. He did the balance of this work bedridden in Brooklyn Heights, suffering from caisson disease, which he acquired working in the caisson as it descended into the New York-side of the East River. It’s not technically a disease; it’s decompression sickness or the bends, and it forced him to monitor all of the work from a window in his bedroom. He relayed detailed instructions via his wife, Emily, who effectively managed a cadre of politicians, competing engineers, and anyone else working on the bridge for over a decade.

As the New York caisson descended further than its Brooklyn counterpart, the incidents of the bends increased, killing two men. With no bedrock in sight, Roebling used his knowledge of geology and mineralogy to make an amazing decision: stop digging. It wasn’t bedrock, but it was compacted sand.

The New York tower. 78 feet deep into the riverbed. Resting on sand. It hasn’t moved.

We Are Defined By What We Build

The Brooklyn Bridge was built from 1870 until 1883. A quick history refresher: five years after we finished shooting each other in the American Civil War, we started building this:

Three years after that, work started on another:

And before the Williamsburg Bridge was even done, work started on the Manhattan Bridge:

These are the words and the stories I hear in the Brooklyn Bridge: enthusiasm, audacity, impossibility, and amazement. More importantly, I see a work of bare utility with a palpable sense of confidence, an equilibrium with nature, and a beauty that only grows with time.

We are defined by what we build. It’s not just the engineering ambition that designed these structures, nor the 20 people who died building the Brooklyn Bridge. It’s that we believe we can and decide to act. I’m happy to report our new President agrees when he says,

‘In reaffirming the greatness of our nation, we understand that greatness is never a given. It must be earned. Our journey has never been one of shortcuts or settling for less. It has not been the path for the faint-hearted — for those who prefer leisure over work, or seek only the pleasures of riches and fame. Rather, it has been the risk-takers, the doers, the makers of things — some celebrated but more often men and women obscure in their labor, who have carried us up the long, rugged path towards prosperity and freedom.’

Someone, sometime soon is going to start describing the climb out of this impressive hole we’ve dug for ourselves, and they’re going to call it ‘America 2.0’. Clever, yes. We need a new version of ourselves and that’s going to involve bright, unexpected ideas from those we least expect them from, and they’re going to strike you as impossible. All you need to do to understand these terrifyingly ambitious ideas is to look back at what we’ve already done to understand what we can do.